Deploy from FT-Intelligence push #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy from FT-Intelligence push | |
| on: | |
| repository_dispatch: | |
| types: | |
| - ft-intelligence-updated | |
| workflow_dispatch: | |
| inputs: | |
| content_ref: | |
| description: FT-Intelligence branch or tag to deploy | |
| required: false | |
| default: primary | |
| content_sha: | |
| description: Optional FT-Intelligence commit SHA to deploy | |
| required: false | |
| permissions: | |
| contents: read | |
| id-token: write | |
| concurrency: | |
| group: organizational-intelligence-deploy | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Resolve content source | |
| id: source | |
| shell: bash | |
| run: | | |
| if [[ "${{ github.event_name }}" == "repository_dispatch" ]]; then | |
| echo "repo=${{ github.event.client_payload.content_repo }}" >> "$GITHUB_OUTPUT" | |
| echo "ref=${{ github.event.client_payload.content_ref }}" >> "$GITHUB_OUTPUT" | |
| echo "sha=${{ github.event.client_payload.content_sha }}" >> "$GITHUB_OUTPUT" | |
| echo "path=${{ github.event.client_payload.checkout_path }}" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "repo=${{ github.repository_owner }}/FT-Intelligence" >> "$GITHUB_OUTPUT" | |
| echo "ref=${{ inputs.content_ref || 'primary' }}" >> "$GITHUB_OUTPUT" | |
| echo "sha=${{ inputs.content_sha }}" >> "$GITHUB_OUTPUT" | |
| echo "path=FT-Intelligence" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Summarize deploy request | |
| shell: bash | |
| run: | | |
| { | |
| echo "## organizational-intelligence deploy request" | |
| echo | |
| echo "- Trigger: \`${{ github.event_name }}\`" | |
| echo "- Content repo: \`${{ steps.source.outputs.repo }}\`" | |
| echo "- Content ref: \`${{ steps.source.outputs.ref }}\`" | |
| echo "- Content sha: \`${{ steps.source.outputs.sha || '(not provided)' }}\`" | |
| echo "- Checkout path: \`${{ steps.source.outputs.path }}\`" | |
| echo "- REPOSITORY_FOLDER: \`./${{ steps.source.outputs.path }}\`" | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| - name: Validate workflow configuration | |
| shell: bash | |
| env: | |
| GCLOUD_PROJECT_ID: ${{ vars.GCLOUD_PROJECT_ID }} | |
| GCLOUD_REGION: ${{ vars.GCLOUD_REGION }} | |
| GCLOUD_SERVICE: ${{ vars.GCLOUD_SERVICE }} | |
| GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} | |
| GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| MCP_AUTH_BEARER_TOKEN: ${{ secrets.MCP_AUTH_BEARER_TOKEN }} | |
| OI_AUTOMATION_APP_CLIENT_ID: ${{ vars.OI_AUTOMATION_APP_CLIENT_ID }} | |
| OI_AUTOMATION_APP_PRIVATE_KEY: ${{ secrets.OI_AUTOMATION_APP_PRIVATE_KEY }} | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }} | |
| run: | | |
| missing=() | |
| [[ -n "${OI_AUTOMATION_APP_CLIENT_ID}" ]] || missing+=("Actions variable OI_AUTOMATION_APP_CLIENT_ID") | |
| [[ -n "${OI_AUTOMATION_APP_PRIVATE_KEY}" ]] || missing+=("Actions secret OI_AUTOMATION_APP_PRIVATE_KEY") | |
| [[ -n "${GCLOUD_PROJECT_ID}" ]] || missing+=("Actions variable GCLOUD_PROJECT_ID") | |
| [[ -n "${GCLOUD_REGION}" ]] || missing+=("Actions variable GCLOUD_REGION") | |
| [[ -n "${GCLOUD_SERVICE}" ]] || missing+=("Actions variable GCLOUD_SERVICE") | |
| [[ -n "${GCP_WORKLOAD_IDENTITY_PROVIDER}" ]] || missing+=("Actions variable GCP_WORKLOAD_IDENTITY_PROVIDER") | |
| [[ -n "${GCP_SERVICE_ACCOUNT}" ]] || missing+=("Actions variable GCP_SERVICE_ACCOUNT") | |
| [[ -n "${OPENAI_API_KEY}" ]] || missing+=("Actions secret OPENAI_API_KEY") | |
| [[ -n "${SLACK_BOT_TOKEN}" ]] || missing+=("Actions secret SLACK_BOT_TOKEN") | |
| [[ -n "${SLACK_SIGNING_SECRET}" ]] || missing+=("Actions secret SLACK_SIGNING_SECRET") | |
| [[ -n "${MCP_AUTH_BEARER_TOKEN}" ]] || missing+=("Actions secret MCP_AUTH_BEARER_TOKEN") | |
| if (( ${#missing[@]} > 0 )); then | |
| printf '::error::Missing required GitHub Actions configuration:\n' >&2 | |
| printf '::error:: - %s\n' "${missing[@]}" >&2 | |
| exit 1 | |
| fi | |
| - name: Checkout organizational-intelligence | |
| uses: actions/checkout@v4 | |
| - name: Create GitHub App token | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| client-id: ${{ vars.OI_AUTOMATION_APP_CLIENT_ID }} | |
| private-key: ${{ secrets.OI_AUTOMATION_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| repositories: | | |
| FT-Intelligence | |
| - name: Checkout FT-Intelligence | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ steps.source.outputs.repo }} | |
| ref: ${{ steps.source.outputs.sha || steps.source.outputs.ref }} | |
| path: ${{ steps.source.outputs.path }} | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} | |
| - name: Set up gcloud | |
| uses: google-github-actions/setup-gcloud@v3 | |
| - name: Verify FT-Intelligence checkout | |
| shell: bash | |
| run: | | |
| echo "Using FT-Intelligence source:" | |
| echo " repository: ${{ steps.source.outputs.repo }}" | |
| echo " ref: ${{ steps.source.outputs.ref }}" | |
| echo " sha: ${{ steps.source.outputs.sha }}" | |
| echo " path: ${{ steps.source.outputs.path }}" | |
| find "${{ steps.source.outputs.path }}/prompts" -maxdepth 1 -type f -name '*.md' -print | sort || true | |
| find "${{ steps.source.outputs.path }}/sharedContext" -maxdepth 1 -type f -name '*.md' -print | sort || true | |
| { | |
| echo | |
| echo "### Runner checkout contents" | |
| echo | |
| echo "Prompts:" | |
| find "${{ steps.source.outputs.path }}/prompts" -maxdepth 1 -type f -name '*.md' -print | sort || true | |
| echo | |
| echo "Shared context:" | |
| find "${{ steps.source.outputs.path }}/sharedContext" -maxdepth 1 -type f -name '*.md' -print | sort || true | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| - name: Deploy organizational-intelligence | |
| env: | |
| GCLOUD_PROJECT_ID: ${{ vars.GCLOUD_PROJECT_ID }} | |
| GCLOUD_REGION: ${{ vars.GCLOUD_REGION }} | |
| GCLOUD_SERVICE: ${{ vars.GCLOUD_SERVICE }} | |
| MCP_AUTH_BEARER_TOKEN: ${{ secrets.MCP_AUTH_BEARER_TOKEN }} | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| REPOSITORY_FOLDER: ./${{ steps.source.outputs.path }} | |
| SERVICE_NAME: ${{ vars.GCLOUD_SERVICE }} | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }} | |
| run: npm run deploy |